Virtual Private LAN Services

Virtual Private LAN
Services (VPLS) is a multipoint Layer 2 VPN (L2VPN) technology that allows
multiple sites to be connected over a simulated Ethernet broadcast domain,
which is supported across a provider-provisioned IP/MPLS network. In other
words, VPLS delivers multipoint Layer 2 connectivity over a Layer 3 network
architecture. VPLS evolved as a logical extension of Ethernet over MPLS
(EoMPLS), which was developed to enable point-to-point Ethernet-based L2VPN
services.

At a basic level, VPLS can be defined as a group of Virtual Switch Instances
(VSIs) that are interconnected using EoMPLS circuits to form a single, logical
bridge. In concept, a VSI is similar to the bridging function found in IEEE
802.1Q bridges, where a frame is switched based on the destination MAC and
membership in a Layer 2 VPN (a virtual LAN or VLAN). If the destination address
is unknown, or is a broadcast or multicast address, the frame is flooded to all
ports associated with the VSI, where a port, in the context of VPLS, is an
EoMPLS virtual circuit (VC) pseudowire.

VPLS uses the provider core to join multiple attachment circuits together,
simulating a virtual bridge that connects them. From a user perspective, there
is no topology for VPLS. All of the customer edge (CE) devices appear to
connect to a logical bridge emulated by the provider core.
See the figure below:

Figure 1. Virtual Private LAN Services

With VPLS, all CE devices participating in a single VPLS instance appear to be
on the same LAN; therefore, the CE devices can communicate directly with one
another in a multipoint topology, without requiring a full mesh of
point-to-point circuits at the CE device. In a VPLS network, CE and provider
edge (PE) devices are not routing peers, so there is no need for service
providers to provision customer IP routers; this is a significant advantage
over MPLS L3 VPN services. Compared to traditional LAN switching technologies,
VPLS is also more flexible in its geographic scaling, so that CE sites may be
within the same metropolitan domain, or may be geographically dispersed on a
regional or national basis.

VPLS using Label Distribution Protocol (LDP) signaling is supported. To enable
VPLS over a network, a full-mesh or ring configuration with bridge-domains
(pseudowires or Ethernet Flow Points (EFPs)) must be established using the
Label Distribution Protocol (LDP). Dynamic LDP-signaled pseudowires, static
pseudowires, and Traffic Engineering (TE) or Transport Profile (TP) label
switched paths are supported in this release.

VPLS can be enabled
on these configurations:

Full-mesh

Ring

Full-Mesh Configuration

The full-mesh configuration requires a full mesh of label-switched path (LSP)
tunnels between all the PEs that participate in the VPLS. The tunnel label
switched paths are required only for TE and TP configurations and not for LDP.
With a full-mesh configuration, signaling overhead and packet replication
requirements for each provisioned VC on a PE can be high.

To set up a VPLS, a
virtual forwarding instance (VFI) must be created on each participating PE
router. The VFI specifies the VPN ID of a VPLS domain, the addresses of other
PE routers in the domain, and the type of tunnel signaling and encapsulation
mechanism for each peer PE router.

The set of VFIs formed by the interconnection of the emulated VCs is called a
VPLS instance; it is the VPLS instance that forms the logical bridge over a
packet-switched network (PSN). The VPLS instance is assigned a unique VPN ID.

The PE routers use
the VFI to establish a full-mesh LSP of emulated VCs to all the other PE
routers in the VPLS instance. PE routers obtain the membership of a VPLS
instance.

The full-mesh
configuration allows the PE router to maintain a single broadcast domain. The
CE devices view the VPLS instance as an emulated LAN.

To avoid the problem
of a packet looping in the provider core, the PE devices enforce a
split-horizon principle for the emulated VCs. That means if
a packet is received on an emulated VC, it is not forwarded on any other
emulated VC.

After the VFI has
been defined, it needs to be bound to a bridge-domain to the CE device.

The packet
forwarding decision is made by looking up the Layer 2 VFI of a particular VPLS
domain.

A VPLS instance on a
particular PE router receives Ethernet frames that enter on specific physical
or logical ports and populates a MAC table similarly to how an Ethernet switch
works. The PE router can use the MAC address to switch those frames into the
appropriate LSP to be delivered to another PE router at a remote site.

If the MAC address
is not in the MAC address table, the PE router replicates the Ethernet frame
and floods it to all logical ports associated with that VPLS instance, except
the ingress port where it just entered. The PE router updates the MAC table as
it receives packets on specific ports and removes addresses that are not used
for specific periods.

Ring Configuration

Ring configuration reduces both signaling and replication overhead, and also
the bandwidth utilization for multicast traffic. Ring VPLS has an
interconnection of PEs in a ring fashion. The main difference between ring and
mesh VPLS is that in mesh VPLS, split horizon is enabled between the core PWs,
and in a ring VPLS, split horizon is disabled. To prevent the resulting loop,
at least one span in the ring is left without a PW configuration; that is, in a
ring formed from X PEs, there are (X-1) PWs with split horizon disabled.
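
The forwarding rules described above (MAC learning, flooding of unknown destinations, split horizon in the mesh, and the ring with X-1 PWs) can be exercised in a small simulation. This is an added example, not Cisco code or configuration; the class `Vpls`, the port label `ac`, the PE names and the MAC strings are constructed for illustration.

```python
from collections import deque

AC = "ac"  # assumed label for a PE's local attachment-circuit port

class Vpls:
    """Toy model of one VPLS instance: a VSI per PE, pseudowires between PEs."""

    def __init__(self, pws, split_horizon):
        self.split_horizon = split_horizon
        self.ports = {}                           # PE -> [AC, peer PE, ...]
        for a, b in pws:
            self.ports.setdefault(a, [AC]).append(b)
            self.ports.setdefault(b, [AC]).append(a)
        self.mac = {pe: {} for pe in self.ports}  # per-PE MAC table: MAC -> port

    def send(self, src_pe, src_mac, dst_mac):
        """Inject a frame on src_pe's AC; return (copies per PE's AC, looped)."""
        copies = {pe: 0 for pe in self.ports}
        limit = 2 * len(self.ports)               # no loop-free path needs this many hops
        queue = deque([(src_pe, AC, 0)])          # (PE, ingress port, hops so far)
        while queue:
            pe, ingress, hops = queue.popleft()
            if hops > limit:
                return copies, True               # still circulating: forwarding loop
            self.mac[pe][src_mac] = ingress       # learn the source MAC on the ingress port
            known = self.mac[pe].get(dst_mac)
            egress = [known] if known else self.ports[pe]  # unknown destination: flood
            for port in egress:
                if port == ingress:
                    continue                      # never back out of the ingress port
                if port == AC:
                    copies[pe] += 1               # delivered to the locally attached CE
                elif not (self.split_horizon and ingress != AC):
                    queue.append((port, pe, hops + 1))  # PW to PW only if split horizon is off
        return copies, False

PES = ["PE1", "PE2", "PE3", "PE4"]                # constructed four-PE topology
MESH = [(a, b) for i, a in enumerate(PES) for b in PES[i + 1:]]
RING = list(zip(PES, PES[1:]))                    # X-1 PWs: one span carries no PW
CLOSED_RING = RING + [(PES[-1], PES[0])]          # misconfiguration: PW on every span

if __name__ == "__main__":
    for name, pws, sh in [("mesh, split horizon on", MESH, True),
                          ("ring, split horizon off", RING, False),
                          ("ring, split horizon on", RING, True),
                          ("closed ring, split horizon off", CLOSED_RING, False)]:
        print(name, Vpls(pws, sh).send("PE1", "mac-ce1", "mac-unknown"))
```

The third case shows why split horizon must be disabled in a ring (PE3 and PE4 receive nothing), and the last case shows the loop that leaving one span without a PW prevents.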

Comparison of Mesh VPLS with Ring VPLS

VPLS builds a full mesh of connections by default. In full mesh VPLS, multiple
copies of customer traffic are present in the network path. In full mesh VPLS,
if the number of multicast receiving nodes is N, there will be around N/2~1
copies of traffic along the network path.

In ring VPLS, a single copy of customer traffic traverses the network path. The
IGMP snooping feature replicates the multicast stream to all destination sites
which have joined the multicast group. Its forwarding mechanism is similar to
the Ethernet multicast forwarding mechanism. Ring topology is best suited for
multicast applications where the receivers are distributed across the PEs.
Flooding of multicast traffic in the ring can be controlled by enabling IGMP
snooping on the VPLS service.

Fault Handling in Ring VPLS

It is recommended to have protected TP tunnels between all PEs for a robust
network. In such a topology, a single link fault has no effect on the multicast
entries and has a switch time of 50 milliseconds. To counter multiple failures
in the ring, redundancy at the router end is relied upon as shown in the figure
below.

Figure 2. Efficient Video Distribution Logical Topology

The active or
the standby state at the router is handled by the native multicast protocol and
redundancy configurations at the router end.

Configuring VPLS

Provisioning a VPLS
link involves provisioning the associated bridge-domain and the VFI on the PE.
Before you configure VPLS, ensure that the network is configured as follows:

(Only Dynamic MPLS) Configure IP routing in the core network so that the PE
routers can reach each other through IP.

Configure MPLS in the core network so that an LSP exists between the PE
routers.

Configure a
loopback interface for originating and terminating Layer 2 traffic. Make sure
that the PE routers can access the loopback interface of other routers.

VPLS configuration
requires you to identify peer PE routers and to attach Layer 2 circuits to the
VPLS at each PE router.

The attachment circuit
(AC)-less model is used to provision PWs. There is no AC-VFI binding in any of
the VPLS deployment scenarios. AC is transparent to VFI and is handled
completely by the bridge-domain.

Interaction of VPLS with other Features

The VPLS feature
supports QoS, In-Service Software Upgrade (ISSU), High Availability (HA), and
active-active forwarding. Active-Active forwarding is supported by VPLS only
when graceful-restart is enabled.

The VPLS feature provides multicast support that is required for efficient
video traffic distribution. This is achieved by enabling IGMP snooping on the
VPLS bridge-domain. IGMP snooping for VPLS provides the ability to send Layer 2
multicast frames from the CE in a VPLS VFI only to those remote peer CEs that
have sent an IGMP request to join the multicast group. IGMP on VPLS does not
support static multicast routers.

The VPLS feature
supports MAC learning and MAC flush on the VPLS bridge-domain and MAC
withdrawal, based on the LDP update. VPLS-capable systems must dynamically
learn MAC addresses on the EFPs and PWs and must be able to forward and
replicate packets across both EFPs and PWs. MAC entries are learnt per VFI.

The VPLS feature
supports Link Aggregation (LAG) on the EFP side and not the PW side.

On the EFP side, if
Resilient Ethernet Protocol (REP) is enabled, the VPLS feature supports MAC
flush and withdrawal when REP switchover is triggered. MAC flush is triggered
when access PW switchover occurs and when the VPLS EFP comes up per
bridge-domain. When the core PW goes down, the MAC flush occurs per PW. The
following figure explains the REP and VPLS interaction:

When there is a link failure, the REP ports are unblocked and the REP ring is
restored in less than a second. REP access failure is propagated through REP
Topology Change Notification (TCN) across the ring. REP TCN triggers MAC
withdrawal and the traffic can be quickly restored over the VPLS domain.

Supported Encapsulation and Rewrite Operations

The supported
encapsulation and rewrite operations for VPLS are listed in
Table 2.

Example: Mesh Topology

This section contains examples that show how to configure VPLS using Cisco IOS
commands.

The example in this section explains how to configure VPLS in case of a mesh
topology that is shown in the figure below:

Create an access
pseudowire on the node (user provider edge (U-PE)) that must be added to the
existing VPLS circuit. The access pseudowire must be created from U-PE to an
unmanaged node only. To create an access pseudowire, see
DLP-J91 Create a Pseudowire Using CTC.

In the General
tab, view the name, description, service ID, and MTU of the VPLS circuit.

Step 8

In the Endpoint PWs tab, view the list of nodes that are part of the selected
VPLS circuit. Select the node in the VPLS Node List area to view the details of
its neighbor node in the Neighbors area.

You can create
new endpoints only for Ethernet Private LAN and Ethernet Virtual Private LAN.

To create new endpoint PWs for this VPLS circuit:

Click Create. The Define New Drop wizard appears.

In the New Drop screen of the wizard, choose a VPLS type.

Click Next. The VPLS Configuration screen is displayed.

Click Select Nodes for the VPLS Network. The Select Nodes for the VPLS Network
screen is displayed.

To select the nodes for the VPLS network:

Select a node from the network map and click Add. The Add node dialog box
appears.

Check the Unmanaged Node check box when the node is not a node. If this check
box is checked, enter the IP address of the unmanaged node.

From the Node drop-down list, choose a node and click Apply.

Repeat Step 8ei to Step 8eiii to add the remaining nodes.

Click Apply. The nodes are added to the VPLS network and are displayed in the
VPLS Configuration screen.

In the VPLS Configuration screen, choose the pseudowire class from the PW Class
A and PW Class Z drop-down lists. The available attributes are:

Span—(Display only) Indicates the circuit span information.

VC ID A—(Display only) Indicates the VC ID of the first node in the span.

VC ID Z—(Display only) Indicates the VC ID of the second node in the span.

Split Horizon A—(Display only) Indicates the split horizon status (enabled or
disabled) of the first node in the span.

Split Horizon Z—(Display only) Indicates the split horizon status (enabled or
disabled) of the second node in the span.

Manual Route—Adds an intermediate node between the first and the second nodes
in the span.

S-PE Right—(Display only) Indicates that the intermediate S-PE node is present
on the right side of the first node in the span.

S-PE Left—(Display only) Indicates that the intermediate S-PE node is present
on the left side of the second node in the span.

Click Finish.

To delete an endpoint PW, select the node in the VPLS Node List area and click
Delete Node.

Step 9

In the S-PE Nodes tab, view the node list that is part of the selected VPLS
circuit. Select the node in the VPLS Node List area to view the details of its
neighbor node in the Neighbors area. You can delete the neighbor and node by
selecting them and clicking the Delete Neighbor or the Delete Node button.

Step 10

In the
Endpoint EFPs tab, view the EFPs that are part of the selected VPLS. You can
create new endpoints only for Ethernet Private LAN and Ethernet Virtual Private
LAN. To create a new endpoint EFP for this VPLS:

Click Create. The Define New Drop wizard appears.

In the New Drop screen of the wizard, choose a node from the Node drop-down
list.

To choose a port to serve as the EFP:

From the Fabric/Line/Satellite Slot drop-down list, choose a slot.

From the Port drop-down list, choose a port to serve as the EFP.

To choose a channel group to serve as the EFP:

Check the CHGRP as EFP check box.

From the CHGRP drop-down list, choose a channel group to serve as the EFP.

Click Next. In the EFP Configuration Preview screen of the wizard, CTC displays
the VPLS path.

Select the Node from the network map. The EFP Selection area displays the node
selected.

From the Available Ports drop-down list, choose the ports.

In the EFP Configuration tab, specify the VLAN configuration for this EFP.

Click Finish to create a new EFP for this VPLS.

Note

After you have completed the DLP-J335 Create a VPLS Circuit Using CTC
procedure, you can create new endpoint EFPs/PWs or add existing EFPs/PWs to
this VPLS circuit. CTC allows you to add only up to 127 entries (EFPs or
neighbor nodes). This number includes the total number of entries made in both
the Endpoint PWs tab and the Endpoint EFP tab. CTC blocks any attempts to add
more than 127 entries to this VPLS circuit.

Step 11

In the EFP
Configuration tab, view the configurations of the EFP. Also, specify the VLAN
configuration for the selected EFP.

From the
EFP drop-down list, choose an EFP to view its configuration.

From the EFP State drop-down list, choose UP or Down to change the up or down
status of the EFP.

In the
Outer VLAN Configuration area, choose the type of VLAN tagging:

Double Tagged

Single Tagged

Untagged

Default

Any

Note

The VLAN
tagging type chosen for Ethernet Private Line and Ethernet Private LAN is
Default. Do not change this option for the source EFP.

Enter a
VLAN tag in the VLAN Tag field. For example, enter 10,20,30-50 without white
spaces in the VLAN Tag field.